Accessing Office 365 Email Using Text to Speech in Unity Connection 8.6(2) and Later

When Unity Connection is configured to allow access to Office 365 email using text to speech, users have the option to hear their emails read to them when they sign in to Unity Connection by phone.

Accessing Office 365 Calendars and Contacts in Unity Connection 8.6(2) and Later

When Unity Connection is configured to access Office 365 calendars and contacts, Unity Connection users can do the following by phone:

Hear a list of upcoming meetings (Outlook meetings only).

Hear a list of the participants for a meeting.

Send a message to the meeting organizer.

Send a message to the meeting participants.

Accept or decline meeting invitations (Outlook meetings only).

Cancel a meeting (meeting organizers only).

In addition, Unity Connection enables users to import Office 365 contacts using the Unity Connection Messaging Assistant web tool. The contact information can then be used in rules that users create in the Cisco Unity Connection Personal Call Transfer Rules web tool and when users place outgoing calls using voice commands.

Synchronizing Voice Messages in Unity Connection and Office 365 Mailboxes for Single Inbox

This section describes how synchronizing voice messages in Connection and Office 365 mailboxes works. See the following sections:

Storing Voice Messages with Single Inbox Configuration

All Unity Connection voice messages, including those sent from Cisco Unity Connection ViewMail for Microsoft Outlook, are first stored in Unity Connection and are immediately replicated to the Office 365 mailbox for the recipient.

Single Inbox with ViewMail for Outlook

If you want users to use Outlook to send new Unity Connection voice messages, or to reply to or forward voice messages, and if you want the messages to be synchronized with Unity Connection:

If you have not already done so, in Unity Connection Administration, add SMTP proxy addresses for the Unity Connection users that are configured for single inbox. The SMTP proxy address for a user must match the Office 365 email address that is specified in the unified messaging account in which single inbox is enabled.

Install ViewMail for Outlook on user workstations. Without ViewMail for Outlook installed, voice messages are sent by Outlook as emails with.wav file attachments, and are treated as emails by Unity Connection.

On each user workstation, associate an email account with a Unity Connection server.

Voice messages appear in the Outlook Inbox folder of the user, alongside other messages that are stored in Office 365; the voice messages also appear in the Unity Connection mailbox of the user.

When single inbox is configured, Unity Connection adds a Voice Outbox folder to the Outlook mailbox. Unity Connection voice messages sent from Outlook do not appear in the Sent Items folder.

Private messages cannot be forwarded.

Single Inbox without ViewMail for Outlook or with Other Email Clients

If you use another email client to access Unity Connection voice messages in Office 365, or if you do not install ViewMail for Outlook:

When a user replies to or forwards a Unity Connection voice message, the reply or forward also is treated like an email, even if the user attaches a.wav file. Message routing is handled by Office 365, not by Unity Connection, so the message is never sent to the Unity Connection mailbox for the recipient.

Users cannot listen to secure voice messages.

It may be possible to forward private voice messages. (When users use ViewMail for Outlook, ViewMail for Outlook prevents private messages from being forwarded.)

Accessing Secure Voice Messages in the Exchange Mailbox

To play secure Unity Connection voice messages in the Exchange mailbox, users must use Microsoft Outlook and Cisco Unity Connection ViewMail for Microsoft Outlook. Without ViewMail for Outlook installed, users accessing secure voice messages see only text in the body of a decoy message; the text briefly explains secure messages.

Synchronization with Outlook Folders

Unity Connection synchronizes voice messages in the following Outlook folders with the Unity Connection Inbox folder for the user, so the messages are still visible in the Unity Connection Inbox folder:

If the user moves voice messages (except secure voice messages) into Outlook folders that are not under the Inbox folder, the messages are moved to the deleted items folder in Unity Connection. The messages can still be played using ViewMail for Outlook because a copy still exists in the Outlook folder. If the user moves the messages back into the Outlook Inbox folder or into an Outlook folder that is synchronized with the Unity Connection Inbox folder, and:

If the message is still in the deleted items folder in Unity Connection, the message is synchronized back into the Unity Connection Inbox for that user.

If the message is not still in the deleted items folder in Unity Connection, the message is still playable in Outlook, but it is not resynchronized into Unity Connection.

Secure voice messages behave differently. When Unity Connection replicates a secure voice message to Office 365, it replicates only a decoy message that briefly explains secure messages; the only copy of the voice message remains on the Unity Connection server. When a user plays a secure message using ViewMail for Outlook, ViewMail retrieves the message from the Unity Connection server and plays it without ever storing the message in Office 365 or on the computer of the user.

If the user moves a secure message to an Outlook folder that is not synchronized with the Unity Connection Inbox folder, the only copy of the voice message is moved to the deleted items folder in Unity Connection, and the message can no longer be played in Outlook. If the user moves the message back into the Outlook Inbox folder or into an Outlook folder that is synchronized with the Unity Connection Inbox folder, and:

If the message is still in the deleted items folder in Unity Connection, the message is synchronized back into the Unity Connection Inbox for that user, and the message becomes playable again in Outlook.

If the message is not still in the deleted items folder in Unity Connection, the message is not resynchronized into Unity Connection and can no longer be played in Outlook.

Location of Deleted Messages

By default, when a user deletes a voice message in Unity Connection, the message is sent to the Unity Connection deleted items folder and synchronized with the Outlook Deleted Items folder. When the message is deleted from the Unity Connection deleted items folder (the user can do this manually, or you can configure message aging to do it automatically), it is also deleted from the Outlook Deleted Items folder.

If you are adding the single-inbox feature to an existing system, and if you have configured Unity Connection to permanently delete messages without saving them in the deleted items folder, messages that users delete using Web Inbox or Unity Connection phone interface are still permanently deleted. However, messages that users delete using Outlook are only moved to the Deleted Items folder in Outlook, not permanently deleted. When Unity Connection synchronizes with Office 365, the message is moved to the Unity Connection deleted items folder; it is not permanently deleted. We recommend that you do one or both of the following:

Configure message quotas, so that Unity Connection prompts users to delete messages when their mailboxes approach a specified size.

When a user deletes a voice message from any Outlook folder, including the Outlook Inbox folder, the Deleted Items folder, or any subfolder, the message is moved to the deleted items folder in Unity Connection. No operation in Outlook will cause a message to be permanently deleted in Unity Connection.

Types of Unity Connection Messages Not Synchronized with Office 365

The following types of messages are not synchronized:

Sent messages

Draft messages

Messages configured for future delivery but not yet delivered

Broadcast messages

Unaccepted dispatch messages. When a dispatch message has been accepted by a recipient, it becomes a normal message and is synchronized with Office 365 for the user who accepted it and deleted for all other recipients. Until someone on the distribution list accepts a dispatch message, the message waiting indicator for everyone on the distribution list will remain on, even when users have no other unread messages.

Replication of Status Changes

Status changes (for example, from unread to read), changes to the subject line, and changes to the priority are replicated from Unity Connection to Exchange and vice versa, as applicable.

Disabling and Re-enabling Single Inbox Affecting the Synchronization of Unity Connection and Office 365 Mailboxes

When you configure unified messaging, you create one or more unified messaging services that define, among other things, which unified messaging features are enabled. You also create one or more unified messaging accounts for each user to associate the user with unified messaging services. You can disable single inbox in three ways:

Entirely disable a unified messaging service in which single inbox is enabled. This disables all enabled unified messaging features (including single inbox) for all users that are associated with the service.

Disable only the single inbox feature for a unified messaging service, which disables only the single inbox feature for all users that are associated with that service.

Disable single inbox for a unified messaging account, which disables single inbox only for the associated user.

If you disable and later re-enable single inbox using any of these methods, Unity Connection resynchronizes the Unity Connection and Office 365 mailboxes for the affected users. Note the following:

If users delete messages in Office 365 but do not delete the corresponding messages in Connection while single inbox is disabled, the messages will be resynchronized into the Office 365 mailbox when single inbox is re-enabled.

If messages are hard deleted from Office 365 (deleted from the Deleted Items folder) before single inbox is disabled, the corresponding messages that are still in the deleted items folder in Unity Connection when single inbox is re-enabled will be resynchronized into the Office 365 Deleted Items folder.

If users delete messages in Unity Connection but do not delete the corresponding messages in Office 365 while single inbox is disabled, the messages remain in Office 365 when single inbox is re-enabled. Users must delete the messages from Office 365 manually.

If users change the status of messages in Office 365 (for example, from unread to read) while single inbox is disabled, the status of Office 365 messages will be changed to the current status of the corresponding Unity Connection messages when single inbox is re-enabled.

When you re-enable single inbox, depending on the number of users associated with the service and the size of their Unity Connection and Office 365 mailboxes, resynchronization for existing messages may affect synchronization performance for new messages.

Unity Connection can send heard/read receipts, delivery receipts, and non-delivery receipts to Unity Connection users who send voice messages. If the sender of a voice message is configured for single inbox, the applicable receipt is sent to the Unity Connection mailbox for the sender. The receipt is then synchronized into the Office 365 mailbox for the sender.

Note the following.

Read/heard receipts: When sending a voice message, a sender can request a read/heard receipt. If you do not want Unity Connection to respond to requests for read receipts, in Unity Connection Administration, uncheck the Respond to Requests for Read Receipts check box, which appears on the Users > Users > Edit > Mailbox page and on the Templates > User Templates > Edit > Mailbox page.

Delivery receipts: A sender can request a delivery receipt only when sending a voice message from ViewMail for Outlook. You cannot prevent Unity Connection from responding to a request for a delivery receipt.

Non-delivery receipts (NDR): A sender receives an NDR when a voice message cannot be delivered. If you do not want Unity Connection to send an NDR when a message cannot be delivered, in Unity Connection Administration, uncheck the Send Non-Delivery Receipts for Message Failed Delivery check box, which appears on the Users > Users > Edit User Basics page and on the Templates > User Templates > Edit User Template Basics page.

Note the following about NDRs:

– When the sender accesses Unity Connection using the TUI, the NDR includes the original voice message, which allows the sender to resend the message at a later time or to a different recipient.

– When the sender accesses Unity Connection using Web Inbox, the NDR includes the original voice message, but the sender cannot resend it.

– When the sender uses ViewMail for Outlook to access Unity Connection voice messages that have been synchronized into Office 365, the NDR is a receipt that contains only an error code, not the original voice message, so the sender cannot resend the voice message.

– When the sender is an outside caller, NDRs are sent to Unity Connection users on the Undeliverable Messages distribution list. Verify that the Undeliverable Messages distribution list includes one or more users who regularly monitors and reroutes undelivered messages.

Task List for Configuring Unity Connection 8.6(2) and Later and Office 365 for Unified Messaging

To configure one or more unified messaging features, complete the following tasks in the order presented.

3. If Unity Connection is integrated with an LDAP directory: Review the current LDAP directory configurations to confirm that the Cisco Unified Communications Manager Mail ID field is synchronized with the LDAP mail field. During the integration process, this causes values in the LDAP mail field to appear in the Corporate Email Address field in Unity Connection.

Unified messaging requires that you enter the Office 365 email address for each Unity Connection user. On the Unified Messaging Account page, each user can be configured to use either of the following values:

– The Corporate Email Address specified on the User Basics page

– The email address specified on the Unified Messaging Account page

Email address field on the Unified Messaging Account page can be populated using Unity Connection Administration or the Bulk Administration Tool.

4. If you are using single inbox and you want users to be able to use ViewMail for Outlook to send new voice messages, or to forward or reply to voice messages: Install Cisco Unity Connection ViewMail for Microsoft Outlook on user workstations. For more information on installing ViewMail for Outlook, see the Release Notes for Cisco Unity Connection ViewMail for Microsoft Outlook Release 8.5(x) at http://www.cisco.com/en/US/products/ps6509/prod_release_notes_list.html.

5. Synchronization threads configuration should be done based on latency between Unity Connection and Office 365 server. For more information, refer to "Latency" section of the design guide at

6.Decide whether you want Unity Connection to be able to search for and communicate with different Office 365 server, or you want Unity Connection to communicate with a specific Office 365 server in case the hostname or the IP Address of the specific Office 365 server is known. Auto Discovery is the recommended option.

If Connection is not already configured to use DNS, use the following CLI commands to configure DNS:

– set network dns

– set network dns options

We recommend that you configure Unity Connection to use the same DNS environment in which the Active Directory environment is publishing its records.

For more information on the CLI commands, see the applicable Command Line Interface Reference Guide for Cisco Unified Communications Solutions at http://www.cisco.com/en/US/products/ps6509/prod_maintenance_guides_list.html

8. If you are using single inbox and users do not already have added SMTP proxy addresses: Add proxy addresses to Connection user accounts. For more information, see the "SMTP Proxy Addresses in Cisco Unity Connection 8.x" section in the "Setting Up Features and Functionality That Are Controlled by User Account Settings in Cisco Unity Connection 8.x" chapter of the User Moves, Adds, and Changes Guide for Cisco Unity Connection, available at http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/connection/8x/user_mac/guide/8xcucmacx/8xcucmac040.html.

Note that all users who are configured to use single inbox must be in a class of service in which single inbox is enabled.

Cisco Unified Communications Manager Business Edition only: Unity Connection counts all users in a class of service in which single inbox is enabled as single inbox users even if they are not configured to use single inbox. For example, if a Unity Connection server is licensed for 200 single-inbox users, and if you have three classes of service in which single inbox is enabled, the total number of users assigned to those three classes of service cannot exceed 200 users. This is true even if you only configure 50 users to use single inbox.

– Enable text-to-speech access to Exchange voice messages on one or more classes of service: check the Allow Access to Advanced Features check box on the applicable class of service page, and then check the Allow Access to Exchange Email Using Text to Speech (TTS) check box.

12. Selected configurations: For the following configuration, upload SSL certificates on the Unity Connection server to encrypt communication between Unity Connection and Office 365 and between Unity Connection and Active Directory:

If you configured Unity Connection to search for and communicate with different Exchange servers, to use LDAPS to communicate with domain controllers, and to validate certificates for domain controllers in Task 10.

Caution When you allow Unity Connection to search for and communicate with Office 365 servers, Unity Connection communicates with Active Directory servers using Basic authentication. By default, the user name and password of the unified messaging services account and all other communication between the Unity Connection and Active Directory servers is sent in clear text. If you want this data to be encrypted, in Task
11. you must configure unified messaging services to communicate with Active Directory domain controllers using the secure LDAP (LDAPS) protocol.

14. If Unity Connection voice messages are automatically being moved to the Outlook Junk Items folder: Change the Outlook configuration to add the sender of the voice message or the sender’s domain to the safe sender’s list. For more information, see Outlook Help.

15. To teach users how to use the Unity Connection calendar, refer them to the following:

Creating the Unified Messaging Services Account on Office 365 and Granting Permissions for Unity Connection 8.6(2) and Later

Unity Connection accesses Office 365 mailboxes using a domain service account called the unified messaging services account. After you create the account, you grant it the rights necessary for Unity Connection to perform operations on behalf of the user.

Task list for Creating the Unified Messaging Services Account and Granting Permissions for Unity Connection 8.6(2) and Later

1.Create one or more service accounts on the Office 365 servers with which you want Unity Connection to communicate. Note the following:

– Give the account a name that identifies it as the unified messaging services account for Unity Connection.

– Do not add the account to any administrator group.

– Do not disable the account, or Unity Connection cannot use it to access Office 365 mailboxes.

– Specify a password that satisfies the password-security requirements of your company. The password is encrypted with AES 128-bit encryption and stored in the Unity Connection database. The key that is used to encrypt the password is accessible only with root access, and root access is available only with assistance from Cisco TAC.

– When you are configuring unified messaging for a Unity Connection cluster, Unity Connection automatically uses the same unified messaging services account for both Unity Connection servers.

– When you are configuring unified messaging for intersite networking or for intrasite networking, you can use the same unified messaging services account for more than one Unity Connection server. However, this is not a requirement and does not affect functionality or performance.

Note This operation may not be allowed for the organization with the disabled customizations. In order to enable this operation, you need to execute the Enable-OrganizationCustomization task first, that is “Enable-OrganizationCustomization”.

Step 3 If you created more than one unified messaging services account, repeat Step 2 for the remaining accounts. Specify a different value for RoleName for each unified messaging services account.

Caution If you have activated the Active Directory Synchronization feature and migrating from local Exchange server to Office 365, then the further user management is done through the on-premises Active Directory Services and it gets synchronized with Office 365 automatically. You must make sure the Application Impersonation Management role is given to your Office 365 server.

Accessing Office 365 Using Remote Exchange Management PowerShell

To Access Office 365 Using Remote Exchange Management Power Shell

Step 1 Run Windows PowerShell as administrator

Step 2 On a Windows PowerShell endpoint, run the following command and enter the Office-365 administrator account credentials for authentication in the popup window.

$LiveCred = Get-Credential

Step 3 To establish a remote Windows PowerShell session with Office 365, use the New-PSSession Windows PowerShell cmdlet to connect with the generic remote Windows PowerShell endpoint at http://ps.outlook.com/powershell. Run the following command to create Remote Exchange Shell Session.

Step 3 Decide which options to select for the Message Action for Email and Message Action for Fax lists at the bottom of the page. (For field information, on the Help menu, select This Page.)

If you want to select Relay the Message or Accept and Relay the Message for either list, you must first configure an SMTP Smart Host on the System Settings > SMTP Configuration > Smart Host page. Connection Administration will not let you save a new unified messaging configuration with those settings when no SMTP Smart Host is configured. For SMTP smart host server, Unity Connection will communicate with on -premise SMTP relay servers only.

Step 4 On the New Unified Messaging Service page, in the Type list, select Office 365.

Note You can configure up to 1800 users with a single Office 365 Unified Messaging Service. For creating more than 1800 users with Office 365, you need to create more Unified Messaging services.

If you are creating more than one unified messaging service for Office 365, note that this is the name that will appear on the Users > Unified Messaging Accounts page when you configure users for unified messaging. Enter a display name that will simplify choosing the correct unified messaging service for each user.

Note It is mandatory to use Search for Hosted Exchange Servers option with Office 365.

b. Enter DNS Domain Name used for the Office 365 users.

In a hybrid environment where you route mails between an on-premise Exchange organization and Office 365, specify the special onmicrosoft.com domain name (such as mycompany.mail.onmicrosoft.com) provided by Microsoft.

If you are only using Office 365, try your domain name from your email addresses.

c. If you have Hosted Exchange servers in more than one Active Directory site, you can improve performance if you specify the site that contains the domain controllers that you want Unity Connection to use to find Exchange servers. In the Active Directory Site Name field, enter the name of the site.

d. In the Protocol Used to Communicate with Domain Controllers list, select whether Unity Connection should use LDAP or secure LDAP (LDAPS) when communicating with Active Directory to find Hosted Exchange servers.

Caution When you select Search for Hosted Exchange Servers, Unity Connection communicates with Active Directory servers using Basic authentication. As a result, the username and password of the unified messaging services account and all other communication between the Unity Connection and Active Directory servers is in clear text. If you want this data to be encrypted, you must select Secure LDAP (LDAPS) in the Protocol Used to Communicate with Domain Controllers list and upload certificates from the certification authority that issued the SSL certificates for Active Directory servers to both tomcat-trust and Unity Connection-trust locations.

Self-signed certificates cannot be validated. If you selected LDAPS from the Protocol Used to Communicate with Domain Controllers list, and if you are using self-signed certificates, do not check the Validate Certificates for Active Directory Domain Controllers check box. If you do check the check box, Unity Connection will not be able to access domain controllers to search for Hosted Exchange servers.

Step 10 In the Username and Password fields, enter the Active Directory username and password for the Domain Service account provided by Microsoft Office 365.

The username must be in User Principal Name(username@domain.com) format.

Step 11 Under Service Capabilities, select the features that you want this unified messaging service to allow.

Note When you configure unified messaging for Unity Connection users, you can disable for an individual user any feature that you enable here. However, you cannot enable for an individual user any feature that you disable here.

Step 6 Review the results, resolve problems, if any, and re-run the test until no more problems are found.

Testing System Configuration and Unified Messaging with Office 365 and Unity Connection 8.6(2) and Later

You can run a Unity Connection system test that includes tests of the unified messaging configuration and that provides summary data on configuration problems, if any, for example, the number of accounts assigned to a specified unified messaging service that has configuration problems.

To Check System Configuration and Unified Messaging Configuration with Office 365 and Unity Connection 8.6(2) and Later